CPP: Bypass some of the complexity in 'toString'.

geoffw0 · geoffw0 · commit 20eb39d37e82 · 2019-12-03T10:44:59.000Z
diff --git a/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll b/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
@@ -19,18 +19,12 @@ abstract class SensitiveExpr extends Expr { }
 
 class SensitiveVarAccess extends SensitiveExpr {
   SensitiveVarAccess() {
-    this instanceof VariableAccess and
-    exists(string s | this.toString().toLowerCase() = s |
-      suspicious(s)
-    )
+    suspicious(this.(VariableAccess).getTarget().getName().toLowerCase())
   }
 }
 
 class SensitiveCall extends SensitiveExpr {
   SensitiveCall() {
-    this instanceof FunctionCall and
-    exists(string s | this.toString().toLowerCase() = s |
-      suspicious(s)
-    )
+    suspicious(this.(FunctionCall).getTarget().getName().toLowerCase())
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -19,18 +19,12 @@ abstract class SensitiveExpr extends Expr { }`
`19`	`19`
`20`	`20`	`class SensitiveVarAccess extends SensitiveExpr {`
`21`	`21`	`SensitiveVarAccess() {`
`22`		`- this instanceof VariableAccess and`
`23`		`- exists(string s \| this.toString().toLowerCase() = s \|`
`24`		`- suspicious(s)`
`25`		`- )`
	`22`	`+ suspicious(this.(VariableAccess).getTarget().getName().toLowerCase())`
`26`	`23`	`}`
`27`	`24`	`}`
`28`	`25`
`29`	`26`	`class SensitiveCall extends SensitiveExpr {`
`30`	`27`	`SensitiveCall() {`
`31`		`- this instanceof FunctionCall and`
`32`		`- exists(string s \| this.toString().toLowerCase() = s \|`
`33`		`- suspicious(s)`
`34`		`- )`
	`28`	`+ suspicious(this.(FunctionCall).getTarget().getName().toLowerCase())`
`35`	`29`	`}`
`36`	`30`	`}`